| Summary: | app-text/poppler <0.6.3 xpdf Object embedded font function dereference (CVE-2008-1693) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | loki_val, printing |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 201448 | | |
| Bug Blocks: | | | |

Description
Robert Buchholz (RETIRED)
2008-04-08 10:04:05 UTC
I'm waiting for some indication of how to fix this...

A patch was introduced in the 0.6.2 release, and is available here: http://gitweb.freedesktop.org/?p=poppler/poppler.git;a=commitdiff;h=1a531dcfee1c6fc79a414c38cbe7327fbf9a59d8

Arch Security Liaisons, please test and mark stable:
=app-text/poppler-0.6.3
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
CC'ing current Liaisons:
alpha : ferdy
amd64 : welp
hppa : jer
ppc : dertobi123
ppc64 : corsair
release : pva
sparc : fmccor
x86 : opfer

dang, anything that can be done about bug 201448 beforehand?

As it seems, neither KPDF nor TeX are affected, because both had the cairo-related code paths removed.

I'll take a look. I don't have anything with qt, so it will take a bit.

Okay, bug 201448 is fixed.

Probably a good idea to test and mark app-text/poppler-bindings-0.6.3 stable in the same go.

Stable for HPPA:
=app-text/poppler-0.6.3
=app-text/poppler-bindings-0.6.3
Anything else? :)

alpha/ia64/sparc/x86 stable

ppc64 stable

amd64 stable

ppc stable (proxy commit for dertobi123)

Lifting embargo since the agreed date has passed.
Arches, please test and mark stable:
=app-text/poppler-0.6.3
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"
Already stabled : "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Missing keywords: "arm m68k release s390 sh"

GLSA 200804-18

Fixed in release snapshot.

*** Bug 221297 has been marked as a duplicate of this bug. ***